#!/bin/bash
# -*- mode: shell-script -*-
#
# runas: Run command as given user with given capabilities.
#
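# Usage: runas USER CAPS COMMAND [ARG...]
#   USER     passed to setpriv as both the user (--reuid) and the group
#            (--regid); assumes a group with the same name/id exists.
#   CAPS     comma-separated setpriv capability entries, appended to "-all".
#            May be empty, in which case no capability is kept.
#   COMMAND  program (and arguments) to execute with the reduced privileges.
if (( $# < 2 )) || [[ -z "$1" ]]; then
  printf 'Usage: %s USER CAPS COMMAND [ARG...]\n' "${0##*/}" >&2
  exit 2
fi

readonly user="$1"
# Start from "-all" so that only the capabilities named by the caller survive.
# An empty CAPS must not leave a trailing comma in the list.
readonly caps="-all${2:+,$2}"
shift 2

# The expansions are quoted so that whitespace or glob characters in USER or
# CAPS cannot be split into additional setpriv options.
#
# --reset-env discards the caller's environment; PATH is then pinned to the
# system directories before COMMAND is looked up.
#
# NOTE(review): --no-new-privs is not set, so COMMAND can still change
# credentials through set-user-ID programs; consider adding it if no caller
# depends on that.
exec setpriv \
  --reuid="$user" --regid="$user" --clear-groups \
  --inh-caps="$caps" --ambient-caps="$caps" --bounding-set="$caps" \
  --reset-env -- env PATH=/usr/sbin:/usr/bin "$@"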